Vulnerabilities in SAP SE

778 results
Vexday Analysis

With 778 CVEs catalogued, the SAP SE portfolio shows an active exploitation rate 1.7 times above the overall average of the CISA KEV catalog, indicating that vulnerabilities in this platform attract proportional attention from threat actors. The most frequent flaw type is CWE-119 (memory handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287 (in this case CVE-2020-6207), has an EPSS of 0.9838, signalling a very high probability of exploitation observed in practice and justifying immediate remediation priority. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organizations that have not yet applied the corresponding patches.

CVE-2018-2378: In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource (EPSS 0.9%)
CVE-2018-2377: In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized use (EPSS 0.9%)
CVE-2018-2382: A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a co (EPSS 0.9%)
CVE-2022-28771: Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send maliciou (EPSS 0.9%)
CVE-2018-2372: A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiali (EPSS 0.9%)
CVE-2018-2387: A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on (EPSS 0.9%)
CVE-2021-27623 [MEDIUM]: SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing s (EPSS 0.9%)
CVE-2021-27603 [MEDIUM]: An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for an (EPSS 0.9%)
CVE-2020-6227 [MEDIUM]: SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP pac (EPSS 0.9%)
CVE-2019-0308: An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price o (EPSS 0.9%)
CVE-2018-2419 [LOW]: SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perf (EPSS 0.9%)
CVE-2020-6187 [MEDIUM]: SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input f (EPSS 0.9%)
CVE-2021-33708 [HIGH]: Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. (EPSS 0.9%)
CVE-2022-27658: Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information (EPSS 0.9%)
CVE-2021-21478 [MEDIUM]: SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. (EPSS 0.9%)
CVE-2022-22531: The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or download (EPSS 0.8%)
CVE-2021-27617 [MEDIUM]: The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently vali (EPSS 0.8%)
CVE-2021-27618 [MEDIUM]: The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file ty (EPSS 0.8%)
CVE-2020-6177 [MEDIUM]: SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to parti (EPSS 0.8%)
CVE-2022-26108: When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version (EPSS 0.8%)